Fortinet has released critical security updates for FortiOS, addressing vulnerabilities that could lead to code execution. The updates target multiple stack-based buffer overflow vulnerabilities in FortiOS’s command line interpreter, identified as CVE-2024-23110, with a CVSS score of 7.4. These flaws could potentially be exploited by authenticated attackers using specially crafted command line arguments to execute unauthorized code or commands.
Additionally, Fortinet has addressed several medium-severity issues across its products, including FortiProxy, FortiPAM, and FortiSwitchManager. These vulnerabilities include a stack-based overflow in the fgfmd daemon (CVE-2024-26010) and a cross-site scripting flaw in the reboot page (CVE-2024-23111), both posing risks of arbitrary code execution under specific conditions.
Although Fortinet did not confirm active exploitation in the wild, these vulnerabilities underscore the importance of promptly updating affected FortiOS versions. Organizations are advised to upgrade to the latest FortiOS releases (7.4.3, 7.2.7, 7.0.14, 6.4.15, or 6.2.16) to mitigate potential security risks associated with these critical and medium-severity issues.
These measures aim to bolster system security and protect against potential threats targeting vulnerabilities in Fortinet’s products, ensuring that users can operate their systems with enhanced safety and reliability.
Reference:
